Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
33
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
130
Getting Started in Bug Bounty
jr0ch17
0
79
Getting Blindly Lucky
jr0ch17
0
60
Qu'est-ce que le bug bounty?
jr0ch17
0
91
Finding 5 bugs in a single parameter
jr0ch17
0
61
Beyond the Borders of Scope
jr0ch17
0
45
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
明日からできる!技術的負債の返済を加速するための実践ガイド~『ホットペッパービューティー』の事例をもとに~
recruitengineers
PRO
3
410
Developers Summit 2025 浅野卓也(13-B-7 LegalOn Technologies)
legalontechnologies
PRO
0
740
2025-02-21 ゆるSRE勉強会 Enhancing SRE Using AI
yoshiiryo1
1
370
2.5Dモデルのすべて
yu4u
2
880
Cloud Spanner 導入で実現した快適な開発と運用について
colopl
1
710
現場で役立つAPIデザイン
nagix
33
12k
JEDAI Meetup! Databricks AI/BI概要
databricksjapan
0
150
急成長する企業で作った、エンジニアが輝ける制度/ 20250214 Rinto Ikenoue
shift_evolve
3
1.3k
OpenID BizDay#17 KYC WG活動報告(法人) / 20250219-BizDay17-KYC-legalidentity
oidfj
0
250
君も受託系GISエンジニアにならないか
sudataka
2
440
個人開発から公式機能へ: PlaywrightとRailsをつなげた3年の軌跡
yusukeiwaki
11
3k
Developer Summit 2025 [14-D-1] Yuki Hattori
yuhattor
19
6.2k
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
Building Your Own Lightsaber
phodgson
104
6.2k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.8k
Automating Front-end Workflow
addyosmani
1368
200k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
330
Writing Fast Ruby
sferik
628
61k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
175
51k
Six Lessons from altMBA
skipperchong
27
3.6k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.6k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
recruitengineers
legalontechnologies
yoshiiryo1
yu4u
colopl
nagix
databricksjapan
shift_evolve
oidfj
sudataka
yusukeiwaki
yuhattor
dougneiner
chriscoyier
swwweet
phodgson
eileencodes
samanthasiow
addyosmani
sferik
soudai
skipperchong
bluesmoon
